How a USB could become security risk for your device

A flash drive or USB may provide a capacity as large as 2TB or could have a small space of 256 MB but it caters the individuals in many aspects especially to store data. However, with the perspective of security, these USB drives could prove to be vulnerable to your devices.

In the mid of the previous year, the famous WikiLeaks Vault 7 series has accused the CIA of infecting USB drives for injecting malware into the PC or device to which they are connected.

However, the overwhelming rise in the use of such devices has also raised the incidents regarding privacy. Whereas, the data transfer contains some extreme security risks without you being able to judge the vulnerability before a potential destruction. The properties of USB drive such as portability and on-the-fly connection to various networks makes it more prone to losses such as physical control and network security breaches.

What are the Potential Risks?

The flash drives are designed in a way which could have some security flaws in them and according to some researchers, these could impact day-to-day computing. This could be an extreme judgment; however, these could at least bring a suspect to the efficiency and trustworthiness of the routine devices we insert to our PCs such as keyboards, flash drives, external hard drives, mouse, and more.

According to the findings of researchers, Karsten Nohl and Jakob Lell at Security Research Labs, the USB manufacturers do not protect the firmware in USB devices and therefore, a malware could likely overwrite the firmware and could take over the device’s control.

Thumb drives or other USB peripherals can be reprogrammed to steal any data written into the drive. Through such methods the USB is used to transmit the firmware-modifying code to the device it is inserted. This could result in destruction much like the previous one through floppy disks, that is, a self-replicating virus which spreads through sparing thumb drives.

According to US-CERT, the TechAdvisory.org has reported that 25 percent of the malware are transferred through USB drives. Unfortunately, the malware presence is noticed when there are certain symptoms of destruction and a malware in a single device could lead to other PCs in your home or organizational network.

A USB could act maliciously in three ways as predicted by Nohl and Lell;

1. A device could falsely act as a keyboard and issues its own commands to the control system for a malicious act such as to install malware or to steal files.

2. Another way it could be damaging is when the USB device pretends to be a network card. Eventually, it changes the computer’s “Domain name system” and directs you to insert a URL for a website to secretly redirect your traffic.

3. These external hard disks or thumb drive could infect the computers more when they intervene at the boot stage prior than the action of antivirus.

What could be Done to Minimize the USB Threats

Either you are connecting a USB drive to your personal PC or into a device of your organization; certain precautions could help you to evade the potential threats. There are some practices for the individuals to secure their devices from USB virus and vulnerabilities.

Avoid Using an Unknown Flash Drive

Most of us don’t care when it comes to a device like a USB. Usually, we store our important data into these storage devices and therefore, it’s common to share it with a friend or colleague. Due to such exchanges, a virus or malware could easily target your device as well.

However, a ‘free stuff’ is never uninvited, so it’s possible that a left out USB flash drive would be accepted by us. But, always remember that these abandon devices might be purposed to fool you to load a malware into your PC or another device. For that, a survey report shows that the almost 50 percent of individuals who find a lost UBS, they insert it into their device without following certain precautions.

Encrypt Your Flash Drive

Encryption is one of the most effective methods to protect your data, no matter which device you are using it. That’s why; it is the most recommended practice by the cybersecurity experts and analysts.

Strong encryption protocol such as AES 128/256 bit would be the best for data safety and flash drive protection. However, there are a few steps of flash drive encryption to ensure the most effective encryption.

Install the Antivirus Software

Install reputable antivirus software that is purposed to scan the device which is inserted into your device through a peripheral port. Often, people don’t care about the efficiency of an antivirus and keep going with a secured status perception.

However, a report from Europe Breaking News shows that only 10 out of 61, antivirus software was able to stop the immense ransomware attack, NotPetya. This is due to a couple of reasons, such as outdated antivirus software or the one which is not powerful enough. It is better to enable auto-update settings so that they update regularly with ongoing security patches.

Change the Settings

The features such as Autoplay and Autorun should be disabled from the settings. This is because these features automatically run USB devices when they are inserted into the USB port of a device.

Also, you should delete the sensitive data from your flash drives once the information has been transferred to the designated location or it’s no longer of use.

Password Protect Your USB

Due to the portability of flash drives, they are more prone to lose and malicious intervention. That’s why it is sensible decisions topassword protect your USB drive for such an unfortunate situation.

Unlike other devices such as your mobile phones and PCs, you could not set a password for your entire flash drive. You have to select certain files which contain sensitive data and you can simply save those with a USB password.

Final Words

Using a device like USB has both values as well as risks; however, you could minimize the chances of vulnerability with certain intelligent measures. With a negligent approach to these simple and quick preventions, you are encompassing yourself with many privacy threats. Whereas, the portability of USB drive makes it more prone to be attacked by the data snooper.

Zehra Ali is a Tech Reporter and Journalist with 2 years of experience in the infosec industry. She writes on topics related to cybersecurity, IoT, AI, Big Data and other privacy matters on various platforms. She is also the Editor at PrivacySniffs.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.